November 11, 2022

Safety in Web3 — Spark* Your Knowledge

Summaries of topics (5/9–8/9)

Date of Activity: 5 September 2022 (Monday)

Topic: Golden Rules for Safety in Web3

Author: LuLu Holland

Link: https://luluholland.medium.com/golden-rules-for-saftey-in-web3-951e78148fb6

Before we discuss the golden rules we need to follow to stay safe in Web3, we have to keep in mind some of the principles we have learned from Web2 and apply them in the Web3 space. Examples include not clicking on links sent to you on Instagram and not sharing your social security number or bank account login information on social media platforms. Similarly, in the Web3 space, one should avoid clicking on links sent by unknown people and avoid sharing wallet private keys and seed phrases. Next, let’s take a look at the three golden rules, which cover sharing, storage and security.

There are undoubtedly some things we should stay away from when it comes to sharing. Sharing your private keys and seed phrases is highly discouraged, as was previously stated. Your NFTs and cryptocurrency will all be accessible to anyone who learns your seed phrase, so be careful! Additionally, Web3 users should refrain from discussing sensitive or financial information with other community members in community chats.

The second golden rule that everyone in the Web3 community should adhere to is selecting the best storage method for your crypto assets. In essence, there are two forms of storage for cryptocurrencies: connected storage and disconnected storage. A hot wallet that is “connected” to the Internet, like MetaMask and Coinbase, is referred to as connected storage. On the other hand, disconnected storage is a cold wallet that is “not connected” to the Internet, like Trezor and Ledger. These cold wallets allow users to hold crypto separately from their computers.

The third and final rule is to prioritise your security and exercise caution when clicking on links. The general rule of thumb here is to read the link before you click on it. For example, if you are minting an NFT, always check that the link you are about to click matches the link from the project’s official page. Additionally, be careful with random links you receive from strangers, especially on Discord. Avoid interacting with or clicking on those links.

To sum up, some of the lessons we’ve learned and put into practice from Web2 can be transferred to Web3, especially when it comes to protecting ourselves from being scammed. Always follow these three golden rules and you should be good to go.

Date of Activity: 6 September 2022 (Tuesday)

Topic: Crypto Security Tips: How to Never Get Hacked! 🔒

Channel Name: Coinsider

Link: https://www.youtube.com/watch?v=x_H8jtFi--w

Spending some time and money now to fortify the defences of your crypto assets will save you a tonne of headaches later on. This is especially important in light of the Ledger customer information leak in 2020 and the numerous people who were scammed and had their valuable Bitcoin and other cryptocurrencies stolen. This article will go through the best security and privacy procedures that cryptocurrency investors should follow to reduce their attack surface.

The foundation for keeping your assets safe is good network safety. For example, in public places, it is important to use a VPN to prevent hackers from using a compromised router to steal your data. However, people should also check their own home router and make sure that its password is highly secure. Also, if you feel that your home network has been compromised, or if over the past few days, weeks or months you have seen strange connections from devices you do not recognize, don’t hesitate to reset your router settings.

The next immensely important thing we have to discuss is your web browser safety. NEVER save your passwords in your web browsers. Hackers will be able to hack your account to get to your passwords. Instead, you can use a password manager application to store your passwords. Be mindful of the extensions you add to your browser. Some malicious browser extensions will give hackers the ability to access your data including your data stored in the cloud, your passwords and more!

Next, let’s dive into crypto-specific security tips. When you are using exchanges, you can use time-locked vaults, like the one on Coinbase, which do not let you withdraw for a certain amount of time even if you want to, making it more difficult for hackers to get access to your crypto. Another excellent tip when it comes to exchange safety is to use a withdrawal whitelist for addresses so that hackers cannot withdraw funds to addresses outside of the pre-set ones. Surprisingly, you can also whitelist IP addresses, which only allows you to log in to your exchange app from the listed IP addresses. Basically, try to use all of the security features these exchanges offer you. The more features you use, the more secure your assets will be.

In crypto, if you lose your private keys, it’s game over for you unless you have backups of your keys. However, remember to never put these keys into cloud storage. Never email them to yourself either, or try to memorise them, because you can forget your keys easily. Some excellent alternative methods would be to put them in a bank deposit box or personal safe, or you could get a steel plate like CryptoTag to make sure your keys are water/fireproof.

Now, after reading this article, you might ask yourself, “What do I do now?” The first thing you can do is audit your accounts. Look for anything out of the ordinary: previous logins and devices, which APIs have access to your data and what their access levels are, and previous activities and changes on your wallets and exchanges. Check these things on your email addresses and password managers too. Hackers often take their time to carry out attacks, so do these audits periodically so that you don’t get caught off-guard.

Date of Activity: 7 September 2022 (Wednesday)

Topic: How to protect your assets? (A SparkWorld* thread)

Link: https://twitter.com/_SparkGM/status/1567512098296500232?s=20&t=7ZJH9HSzN2EnMaot2xJgHA

Billions of dollars are stolen through hacks every year in Web3, which makes it crucial for users to learn how to protect themselves and their assets. This article will talk about passwords, NFT and mobile safety, and some general tips that people in the Web3 space can follow.

Firstly, let’s talk about passwords. It is important to always use different passwords each time you sign up to anything new. Since you’ll have many passwords, this is when a password manager will come in handy to keep track of all your passwords across different platforms or websites. Always change the master password of your password manager frequently to prevent it from being compromised. It is recommended that you change your passwords regularly, weekly for important accounts (i.e., Discord admins) and monthly for less important ones. Two-factor authentication (2FA) is your best friend here so don’t forget to activate it.

Next, let’s talk about NFT safety. Never connect your main wallet to minting sites; always use a burner wallet instead and transfer the NFT to your main wallet afterwards. It is important to note that no website, marketplace, NFT platform or browser wallet like MetaMask will ever ask for your seed phrase or private keys, so if you see a service provider asking for them, you know it’s a scam. Another excellent tip is to bookmark the marketplaces and NFT websites you use to mint from. Scammers may change the .com to .io or change a letter to trick users.

Mobile safety is something that is often overlooked. If you have crypto wallets linked to your mobile device, make sure to use 2FA, but it is probably best not to link them to your mobile at all considering the risk of SIM swapping.

When it comes to wallets, use a hardware wallet for your main hodling portfolio and long-term holds. Try to only use your hot wallet (online wallet) for short-term plays. Since seed phrases are the key to accessing the assets stored in your wallets, you need to make sure they are secure and not stored digitally. There are also other options that are damage resistant. For example, CryptoTags (titanium plates) are an excellent choice if you’re looking for something that is water/fireproof.

Some other general tips include keeping your main holdings off exchanges and third-party websites, since your funds can get lost easily when you don’t have personal custody. Never click on random emails, and remember that projects will never DM you asking for your seed phrase or private keys.

Date of Activity: 8 September 2022 (Thursday)

Topic: Examples of NFT theft cases and how you can prevent yours from being stolen. (A SparkWorld* thread)

Link: https://twitter.com/_SparkGM/status/1568205713737977857?t=fKAtn0GENliLxw_bgNJUWw&s=19

Theft of assets is known to be the most frequently reported concern across NFT communities, so, as NFT enthusiasts, how do we avoid becoming victims of this digital crime? In this article, we will talk about examples of these theft cases and some general tips that people can follow to prevent themselves from getting scammed.

Every year, millions of dollars’ worth of NFTs get stolen. In May 2022 alone, about $24 million worth of NFTs were stolen through scams, and more than $100 million worth of NFTs have been reported stolen since July 2021. However, keep in mind that the actual numbers could be higher, as thefts aren’t always publicly reported.

There have also been multiple Discord compromises, which have led to NFT projects on Discord accounting for 23% of all NFTs stolen. That is NFTs worth around $20 million stolen just in 2022. Who were the culprits responsible for this robbery? Tailored malware that is able to bypass multi-factor authentication is said to have played a part in this.

Another example was the $540 million heist from Axie Infinity’s Ronin Bridge by North Korea’s Lazarus Group, which shocked the entire NFT community. This is a clear example of a state-sponsored exploit. Similarly, there was a threat from a sanctioned entity, more specifically the US-sanctioned Chatex cryptoasset exchange, which was caught possessing NFTs. Overall, digital assets worth more than $160,000 that were used to buy NFTs came from sanctioned entities.

If you have made it this far through the article, you would have realised how important it is to secure your assets. You can start doing that by following some of our Discord safety tips. Firstly, never accept unsolicited invites to Discord servers and do not rely on unclear roadmaps. Some of these roadmaps are plagiarized but you can easily check them for plagiarism using this site: https://plagiarismdetector.net.

When discussing NFTs, it is also crucial to understand that acting on your fear of missing out (FOMO) will do more harm than good in most cases. Never follow the herd blindly and, before investing in a project, do your own research about it so that you, the investors, know what you guys are getting yourselves into. A bonus tip would be to keep in mind that celebrity endorsements do not guarantee a project’s legitimacy, as seen in projects from the past.

NFTs are stored in your wallets, so it is a no-brainer to make sure your wallets are not compromised. Store your NFTs in a hardware/cold wallet for maximum security. If you’re trading NFTs with someone, make sure they actually own the NFTs by looking at the contents of their wallet on a block explorer or NFT marketplace; do not trade blindly, as the chances of you getting scammed are quite high considering that most of these traders are people you do not know. Finally, before connecting your wallet to a website, make sure the URL of the associated NFT project is the one you want to connect to.
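The link check recommended in the summaries above (compare a link against your bookmarked official sites, and watch for a swapped .com/.io or a changed letter) can be automated; the following is an added example, not code from any of the summarised sources. The function names and bookmark list are hypothetical, the domains are constructed placeholders, and the TLD is assumed to be the last label of the hostname.

```python
from urllib.parse import urlsplit

# Constructed sample bookmarks (placeholder domains, not real projects).
BOOKMARKS = ["example.com", "market.example.org"]

def _host(url):
    """Lower-cased hostname without a leading 'www.'; '' if the URL has none."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host

def _edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, bookmarks=BOOKMARKS):
    """Return (verdict, bookmark); verdict is 'match', 'tld-swap',
    'lookalike' or 'unknown'. Only 'match' means the link is a bookmarked site."""
    host = _host(url)
    if not host:
        return ("unknown", None)
    if host in bookmarks:
        return ("match", host)
    for good in bookmarks:
        # Assumption: the TLD is the last label (no public-suffix list is used).
        name, _, tld = host.rpartition(".")
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return ("tld-swap", good)      # e.g. .com changed to .io
        if _edit_distance(host, good) == 1:
            return ("lookalike", good)     # one letter changed, added or dropped
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("https://www.example.com/mint", "https://example.io/mint",
                 "https://examp1e.com/mint", "https://unrelated.test/"):
        print(link, "->", check_link(link))
```

Anything other than `match` should be treated as not being the bookmarked site; the check does not cover internationalised look-alike characters.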